Ransomware, malware, and trojans—oh my. With the average user receiving 121 emails per day, it should come as no surprise that all these attacks are trying to infiltrate your customers’ networks through their employees’ inboxes. In fact, Barracuda Security Insight recently identified a new attempt to launch a Quant Loader trojan, which can distribute ransomware and password stealers.

In a recent Threat Spotlight, Jonathan Tanner, a software engineer at Barracuda, shared the details of this attack and how to successfully thwart cybercriminals that attempt this type of attack on one of your customers. Here’s an excerpt of the insight he had to share:

“In the world of email, an unfamiliar file extension—especially one that is compressed alone in a ZIP file—is often a sure sign of a new malware outbreak. This was no exception when zipped Microsoft internet shortcut files with a ‘.url’ file extension started showing up in emails claiming to be billing documents last month. These shortcut files use a variation on the CVE-2016-3353 proof-of-concept, containing links to JavaScript files (and more recently Windows Script Files). However, in this instance the URL was prefixed with ‘file://’ rather than ‘http://’ which fetches them over Samba rather than through a web browser. This has the benefit of executing the contained code using WScript under the current user's profile rather than requiring browser exploitation, although it does prompt the user before doing so. The remote script files are heavily obfuscated, but all result in downloading and running Quant Loader when allowed to execute.”

How to identify and mitigate the Quant Loader

To help your SMB customers avoid becoming the next victim of this attack, we compiled a list of tips to help you educate them.

How to identify the attack: This attack is distributed through a URL extension starting with file:// which opens Samba. This downloads Quant Loader, a trojan used to deliver malware and password stealers, and the victim is redirected to a random key generator file to be downloaded.

Mitigating the risk: To help customers avoid this attack, educate them on the above warning signs and on email security best practices. Attacks like this prey on users who are untrained and blindly click links and attachments. Remind customers how to identify a phishing attack by verifying the sender, hovering over any suspicious links, and putting technical safeguards in place.

New threats are surfacing every day, so it’s important to continually remind your customers about cybersecurity best practices. While this attack uses a new file extension and social engineering tactics, it still preys on uneducated users. Taking the time to educate customers about these attacks can help save them from becoming a victim.

To learn more about how Barracuda MSP can help you with your security education needs, please visit this link.